SUSE: 2022:2763-1 suse/pcp Security Update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2763-1
Container Tags        : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.38 , suse/pcp:latest
Container Release     : 11.38
Severity              : important
Type                  : security
References            : 1087072 1194047 1203911 1204111 1204112 1204113 1204383 1204386
                        CVE-2022-32221 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42916
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released:    Wed Oct 26 20:20:19 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1204383,1204386,CVE-2022-32221,CVE-2022-42916
This update for curl fixes the following issues:

  - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
  - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released:    Thu Oct 27 04:41:09 2022
Summary:     Recommended update for permissions
Type:        recommended
Severity:    important
References:  1194047,1203911
This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3806-1
Released:    Thu Oct 27 17:21:11 2022
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012
This update for dbus-1 fixes the following issues:

  - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
  - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
  - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

  Bugfixes:

  - Disable asserts (bsc#1087072).



The following package changes have been done:

- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated
- libdbus-1-3-1.12.2-150400.18.5.1 updated
- dbus-1-1.12.2-150400.18.5.1 updated
- container:bci-bci-init-15.4-15.4-24.14 updated

SUSE: 2022:2763-1 suse/pcp Security Update

October 28, 2022
The container suse/pcp was updated

Summary

Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important

References

References : 1087072 1194047 1203911 1204111 1204112 1204113 1204383 1204386

CVE-2022-32221 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42916

1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)

- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).

- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).

- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

The following package changes have been done:

- libcurl4-7.79.1-150400.5.9.1 updated

- permissions-20201225-150400.5.16.1 updated

- libdbus-1-3-1.12.2-150400.18.5.1 updated

- dbus-1-1.12.2-150400.18.5.1 updated

- container:bci-bci-init-15.4-15.4-24.14 updated

Severity
Container Advisory ID : SUSE-CU-2022:2763-1
Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.38 , suse/pcp:latest
Container Release : 11.38
Severity : important
Type : security

Related News

Tails 5.11 Amnesic Incognito Live System Switches to ZRam and Linux Kernel 6.1 LTS

Iron Tiger Hackers Create Linux Version of Their Custom Malware

Linux Support Expands Cyber Spy Group's Arsenal

The Open Source Firewall – IPFire 2.27 – Core Update 173 Released: What’s New?

News

Advisories

HOWTOs

Features

Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy